Extracted

• • Target

    bd38ae7f000063e467ed25f410b8fc5f71c4875c15470a268db5845048fd7d4d

  • Size

    1.5MB

  • MD5

    0f2d22682f9bcb3e7705daa697245902

  • SHA1

    88490f81f8e0b5940a6caaaf6df54d94c3991b5c

  • SHA256

    bd38ae7f000063e467ed25f410b8fc5f71c4875c15470a268db5845048fd7d4d

  • SHA512

    022b5883ada15aee7311a94b20fec65e8d05b9cf3fc4c3e7aab135401006540db68638e8e975057d4d34b7a9728e7b08d0ced42394d5928572e71013e280c7ca

  • SSDEEP

    24576:8yN7YA9zFtl90DwTJf3/7ayll9Y3gOTSlivpyXl1qgEeSMXmXQlT2vOyrf:rx390sVf3DayqwOtvpQWjBM322

  Score

  10^/10

  redlinekinzainfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1